Classification: attack
Tactic:
Technique:
Set up the Auth0 integration.
Detects when multiple Auth0 Guardian multi-factor authentication (MFA) push notifications have been rejected by a user.
This rule allows you to monitor Auth0 logs and detect when multiple Auth0 Guardian MFA push notifications have been rejected by a user. Attackers may attempt to bypass MFA mechanisms and gain access to accounts by generating MFA requests sent to users. Bombarding users with MFA push notifications may result in the user finally accepting the authentication request.
{{@usr.id}} to understand the context of push rejections, if the push notifications were initiated by the user.
@evt.name:multifactor_push_notification_sent and the specific @usr.id to highlight push notifications. Compare previous geo-locations, user-agents and IP addresses for the user to determine if this is abnormal activity.
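The detection and the first triage lookup described above, sketched offline as an added example (this is not the rule's own query or Datadog code). The threshold of 3, the 10-minute window, the JSON field layout and the `client_ip` field are assumptions, and `REJECT_EVENT` is a placeholder because the page does not name the rejection event.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

SENT_EVENT = "multifactor_push_notification_sent"  # event name quoted in the rule text
REJECT_EVENT = "PUSH_REJECTED_EVENT_PLACEHOLDER"   # placeholder: the page does not name it

def detect_push_rejections(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {usr.id: {"rejections": n, "push_source_ips": [...]}} for users who
    rejected `threshold` or more pushes inside `window` (both values are assumptions)."""
    rejects = defaultdict(deque)  # usr.id -> rejection timestamps still inside the window
    pushes = defaultdict(list)    # usr.id -> (timestamp, client_ip) of pushes sent
    alerts = {}
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    for e in events:
        ts, user, name = datetime.fromisoformat(e["ts"]), e["usr"]["id"], e["evt"]["name"]
        if name == SENT_EVENT:
            pushes[user].append((ts, e["client_ip"]))
        elif name == REJECT_EVENT:
            q = rejects[user]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                # IPs that requested the pushes: triage compares them with the user's history.
                ips = sorted({ip for t, ip in pushes[user] if ts - window <= t <= ts})
                alerts[user] = {"rejections": len(q), "push_source_ips": ips}
    return alerts

def _evt(ts, name, user, ip):
    # Build one constructed JSON log line (field layout is an assumption).
    return json.dumps({"ts": f"2024-01-01T{ts}", "evt": {"name": name},
                       "usr": {"id": user}, "client_ip": ip})

# Constructed sample: alice is bombarded with pushes, bob rejects one now and then.
SAMPLE_LOGS = [
    _evt("10:00:00", SENT_EVENT, "alice", "203.0.113.50"),
    _evt("10:00:20", REJECT_EVENT, "alice", "198.51.100.7"),
    _evt("10:01:00", SENT_EVENT, "alice", "203.0.113.50"),
    _evt("10:01:15", REJECT_EVENT, "alice", "198.51.100.7"),
    _evt("10:02:00", SENT_EVENT, "alice", "203.0.113.51"),
    _evt("10:02:10", REJECT_EVENT, "alice", "198.51.100.7"),
    _evt("09:00:00", REJECT_EVENT, "bob", "192.0.2.10"),
    _evt("09:30:00", REJECT_EVENT, "bob", "192.0.2.10"),
    _evt("10:05:00", REJECT_EVENT, "bob", "192.0.2.10"),
]

if __name__ == "__main__":
    print(detect_push_rejections(SAMPLE_LOGS))
```

A wider window also flags bob's three spread-out rejections, which is why the window and threshold need tuning against normal user behaviour.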